How to check Registry for malware in Windows 10
The Windows Registry is one of the most sensitive parts of a Windows computer, and it takes care of every operation that occurs. It's not unusual to encounter registry malware on a Windows 10 computer, which can result in a compromised system or failure of resources. In this post, we will walk you through the manual procedure to check for and remove malware from the registry in Windows 10.
It is not easy to tell whether your PC is infected with such registry malware. Fileless malware may sometimes also hide in rootkits or the Windows Registry. However, if you suspect that malware has infected your machine, you may either remove it yourself or have an antimalware program do it for you.
Once the malware infects the system registry, it hijacks the command center, which may result in system and data collapse that sometimes is beyond recovery.
To check and manually remove malware from the registry in Windows 10, do the following:
Since this is a registry operation, it is recommended that you back up the registry or create a system restore point as necessary precautionary measures. Once done, you can proceed as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
- At the location, on the left pane, scroll down to locate folders starting with Run.
You may find anywhere from one to six such folders, depending on your computer.
- Now, click on each of these Run folders, which contain a list of programs that your computer is programmed to run automatically as soon as you boot the machine.
It is important to pay extra attention to these entries, as many malware programs may be listed there with misspelled names, or the names may look unfamiliar to you. If you find any such name, search for it on Google or any other search engine and research it. Once you're satisfied that the entry is not legitimate and may be malware, right-click the entry and choose Delete.
- Once you’ve deleted the suspected entry, you’ve possibly removed a registry malware.
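The same inspection can be done read-only from PowerShell before anything is deleted. The script below is an added example, not part of the original article: it lists every value in the Run* keys and reports whether the target file exists and how it is signed. It assumes Windows PowerShell 5.1, also checks the matching HKEY_CURRENT_USER location (an extension beyond the HKLM path above), and its variable and column names are chosen for illustration.

```powershell
# Added example: read-only listing of autostart entries; nothing is modified.
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'   # HKCU is an assumption of this example

$report = foreach ($root in $roots) {
    # Every subkey whose name starts with "Run" (Run, RunOnce, RunServices, ...)
    $runKeys = Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'Run*' }
    foreach ($key in $runKeys) {
        foreach ($name in $key.GetValueNames()) {
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))

            # Extract the program path: a quoted path, else text up to the
            # first ".exe", else the first whitespace-delimited token.
            $exe = $null
            if     ($cmd -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
            elseif ($cmd -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            elseif ($cmd -match '^\s*(\S+)')        { $exe = $Matches[1] }

            # Bare names such as "rundll32.exe" are resolved through PATH.
            if ($exe -and $exe -notmatch '^([A-Za-z]:|\\\\)') {
                $app = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($app) { $exe = $app.Path }
            }

            $exists = [bool]($exe -and
                (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue))
            $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $exe } else { $null }

            [pscustomobject]@{
                Key       = $key.Name
                Entry     = $name
                Command   = $cmd
                Exists    = $exists
                Signature = if ($sig) { $sig.Status } else { 'n/a' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

# Unsigned or missing targets first, so they are reviewed before signed ones.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Key, Entry |
    Format-List Key, Entry, Command, Exists, Signature, Signer
```

A Valid signature on a host program such as rundll32.exe or powershell.exe covers only the host itself, so the arguments in the Command column still need to be read.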
Other common Registry keys that malware uses
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
If you find it difficult to delete locked Registry keys, DWORDs, etc., you may use Registry DeleteEx.
Use free Registry Auditor
Registry Auditor scans your registry for adware, malware and spyware entries, including parasites and trojans, and tells you by colored icons whether specific objects are known to be safe or harmful:
- Green icon stands for Safe,
- Yellow icon for Unknown and
- Red icon for Harmful entries.
You can download it here.
That’s it!